4.3

CVE-2007-4510

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Clam Anti-virusClamav Version <= 0.91.2
KolabKolab Server Version2.0
KolabKolab Server Version2.0.1
KolabKolab Server Version2.0.2
KolabKolab Server Version2.0.3
KolabKolab Server Version2.0.4
KolabKolab Server Version2.1
KolabKolab Server Version2.2beta1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.97% 0.778
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://docs.info.apple.com/article.html?artnum=307562
http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html
http://www.vupen.com/english/advisories/2008/0924/references
http://secunia.com/advisories/29420
http://secunia.com/advisories/26822
http://www.trustix.org/errata/2007/0026/
http://secunia.com/advisories/26674
http://www.novell.com/linux/security/advisories/2007_18_sr.html
http://kolab.org/security/kolab-vendor-notice-17.txt
http://secunia.com/advisories/26530
Patch
Vendor Advisory
http://secunia.com/advisories/26552
Patch
Vendor Advisory
http://secunia.com/advisories/26654
http://secunia.com/advisories/26683
http://secunia.com/advisories/26751
http://secunia.com/advisories/26916
http://security.gentoo.org/glsa/glsa-200709-14.xml
http://securityreason.com/securityalert/3054
http://sourceforge.net/project/shownotes.php?release_id=533658
http://www.debian.org/security/2007/dsa-1366
http://www.mandriva.com/security/advisories?name=MDKSA-2007:172
http://www.securityfocus.com/bid/25398
Patch
http://www.vupen.com/english/advisories/2007/2952
https://exchange.xforce.ibmcloud.com/vulnerabilities/36173
https://exchange.xforce.ibmcloud.com/vulnerabilities/36177
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611